This demonstrates generating valid TLS certificates using Let's Encrypt and Certbot on a public web server.
- Install Ansible.
- Install role dependencies:
  `ansible-galaxy install -r requirements.yml`
- Create a publicly-accessible VM running Ubuntu 20.04 (on your favorite cloud provider, like AWS, DigitalOcean, etc.).
- Point a valid domain name at this server's IP address (e.g. using Route53 or your DNS provider).
- Make sure your SSH key is added to your user account, and your account has `sudo` access.
- Make sure you can SSH into the server using `ssh myuser@subdomain.example.com` (where `subdomain.example.com` is the domain name you have pointed at the server's IP address).
Copy the `inventory.example` to `inventory`, and change:
- The server name under the `[letsencrypt]` group to the domain name pointed at your new server.
- The value for `letsencrypt_email` to an email address you control.
Run the Ansible playbook to automatically generate a Let's Encrypt certificate and use it in an example Nginx configuration:
ansible-playbook -i inventory main.yml
After the playbook completes, visit your site at the https URL and verify it works with a valid certificate: https://domain.example.com/
Or use openssl on the command line to verify the certificate details:
openssl s_client -showcerts -connect domain.example.com:443
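A scripted version of this check, as an added example that is not part of the original project. Plain `s_client` reports verification errors but still completes the handshake and then waits on stdin, so this version adds `-verify_return_error`, `-verify_hostname` and `</dev/null`, then confirms the hostname and remaining lifetime of the certificate. The function names and the 20-day `MIN_DAYS` threshold are assumptions.

```shell
#!/usr/bin/env bash
# Added example: scripted form of the manual openssl check above.
# MIN_DAYS is an assumed alerting threshold, not a value from the project.
MIN_DAYS="${MIN_DAYS:-20}"

# fetch_leaf HOST [PORT]: print the server's leaf certificate as PEM.
# Fails if chain or hostname verification fails during the handshake.
fetch_leaf() {
  local host="$1" port="${2:-443}" out
  out="$(openssl s_client -connect "${host}:${port}" -servername "$host" \
    -verify_return_error -verify_hostname "$host" </dev/null 2>/dev/null)" \
    || return 1
  printf '%s\n' "$out" | openssl x509 -outform PEM
}

# check_pem FILE HOST [DAYS]: return 0 if the certificate in FILE covers
# HOST and stays valid for at least DAYS more days, 1 otherwise.
check_pem() {
  local pem="$1" host="$2" days="${3:-$MIN_DAYS}"
  # -checkhost prints its verdict on stdout, so read it from there.
  if ! openssl x509 -in "$pem" -noout -checkhost "$host" \
      | grep -q "does match certificate"; then
    echo "FAIL: certificate does not cover ${host}" >&2
    return 1
  fi
  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" \
      >/dev/null; then
    echo "FAIL: certificate expires within ${days} days" >&2
    return 1
  fi
  # Show who issued it and when it expires.
  openssl x509 -in "$pem" -noout -issuer -enddate
}

# check_live HOST: fetch over the network, then apply the same checks.
check_live() {
  local tmp rc=0
  tmp="$(mktemp)"
  fetch_leaf "$1" >"$tmp" && check_pem "$tmp" "$1" || rc=1
  rm -f "$tmp"
  return "$rc"
}

# Run against a host only when one is given on the command line.
if [ "$#" -ge 1 ]; then check_live "$1"; fi
```

Save it under any name and pass the domain you pointed at the server as the first argument; a non-zero exit status means the certificate failed verification, does not cover the name, or expires within `MIN_DAYS` days.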
This project was created by Jeff Geerling as an example for Ansible for DevOps.